Archive

It’s time for the second part of the January Cyber Attacks Timeline (Part I here).

In comparison with the first half of the month, in absolute terms, these two weeks have seen a slightly smaller number of attacks. However, even if the general trend has shown a decrease, the hacktivists (most of all the pro-Islamist ones) have been equally very active (and the French evening newspaper Le Monde, fallen under the keystrokes of the infamous Syrian Electronic Army, is the most illustrious victim).

Turning the attention to Cyber Crime, the most important event related to this category is probably the leak of 700,000 accounts from the Australian travel insurer Aussie Travel Cover. Of course there are many other background events, but no one reached an impact as noticeable as that.

Last but not least, I have not recorded noticeable events or campaigns related to Cyber Espionage.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

It’s now time for the first chart of this 2015, a year that has begun in the worst way even from an Information Security perspective, given the high number of attacks recorded in the first half of January.

Unfortunately the sad events happened in Paris have inevitably conditioned this period: France has been the target of an unprecedented number of cyber attacks (approximately 19,000) allegedly carried on by Islamist hackers and strictly related with the events of the Charlie Hebdo. Nearly in contemporary, the Anonymous have declared war against the IS-IS and have taken down several Jiahdist sites. In the meantime the pro IS-IS hackers of the Cyber Caliphate have found the time to hijack the Twitter account of the CENTCOM: the US military command that oversees operations in the Middle East.

France has also been one of the main targets for Cyber Criminals, since the most remarkable breach of this two weeks has hit the shopping site of TF1, the most important local TV stations (nearly 2 million records possibly compromised). There is also indication of a possible attack to the Spanish affiliate of Orange, but it has not been confirmed.

Other noticeable events of this period concern a possible breach to the EA/Origin service, another (failed) attempt to blackmail a bank, perpetrated by the infamous Rex Mundi collective, and, on a different scale a massive malvertising campaign targeting sites with a combined total monthly traffic of around 1.5 billion visitors.

However, at least for once, I have not recorded events related to Cyber Espionage.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

It’s time for the first Cyber Attacks Timeline of December (and the last for 2014).

Of course the attention of the infosec professionals is still concentrated on the devastating cyber attack against Sony happened in November (and the world as we know it, won’t be the same again), nonetheless this first 15 days have shown some remarkable events, not least the news of a breach happened earlier this year to Sony (once again), which went unreported.

At least for once, let us start from hacktivism. The hacktivists seem to be back in action: the Anonymous have taken part, directly or indirectly to several operations motivated by the racial tensions in the US (DDoS attacks against Oakland and Ontario), the raids against the Pirate Bay (leaks of Governmental emails), and the protests against the new High Speed Train line connecting Turin and Lyon (the defacement of Official website of theRhône-Alpes region).

A different form of hacktivism (but the border with Cyber Warfare in this case is really blurred) hit Sands Casinos earlier this year. Bloomberg has revealed that an apparent innocuous defacement happened in February was actually the mark of a more devastating attack perpetrated by Iranian hackers, who were able to wipe out all the internal clients and servers.

The Cyber Crime landscape (again maybe it should be more correct to call it Cyber Warfare) is still dominated by the outcome of the Infamous attack to Sony. Other interesting events concern the attack to an unnamed steel industry in Germany, causing physical damages, yet another wave of DDoS attacks against Sony (again!) and XboX Live, and the alleged compromise of Ars Technica requiring the registered users to change their passwords.

Last but not least, the level of state-sponsored operations is always high: at least three of them deserve to be mentioned: Operation Cleaver (allegedly backed by Iran), the resurrection of the Red October Group (Cloud Atlas or Inception) and also the discovery that the ISIS is active also in the Cyber Space, targeting a group of Syrian activists.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

The first half of November is gone, so it’s time for the list of the main cyber attacks occurred during these fifteen days.

Confirming the trend of the last months, the activity has been quite sustained. For sure, the most remarkable attack has targeted the Turkish branch of HSBC, and has affected 2.7 million customers, whose credit cards have been compromised (and apparently the bank has decided not to issue new cards for the impacted users).

Again the operations related to cyber espionage have played an important role: some new campaigns have come to light (for instance Darkhotel), and also several noticeable attacks have been discovered, like the one against the United States Postal Service (600,000 users affected) or the one against the National Oceanographic and Atmospheric Administration.

Even hacktivists have been quite active: the RedHack collective has reemerged from several months in stealth mode (they claim to have deleted 650,000 USD worth 0f electricity power debt), and some hackers claiming to be affiliated to the Anonymous collective have performed similar operations in Italy (in parallel with the delicate social and economical period) and the Philippines.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

It’s time for the second timeline of October (Part I here) covering the main cyber attacks between the 16th and 31st: yet another consistent list confirming the growing trend of the last period.

In particular, in these two weeks the most important events have been spotted inside Cyber Espionage, whose chronicles report, among other, a state-sponsored attack to an unclassified network of the White House, a relevant number of operations (APT 28, Operation Pawn Storm, Operation SMN, Operation DeathClick, a tail of the infamous Sandworm), and even a man-in-the-middle attack against Chinese iCloud users.

Cybercrime is also on a roll: the trail of attacks against retailers seems unstoppable (Staples is the latest victim), but chronicles also report a massive breach in South Korea, involving Pandora TV and a gigantic SQL Injection attack, driven by CVE-2014-3704, against every unpatched website running Drupal, existing on this desperate planet. There is also space for a little bit of irony, as in case of Sourcebooks, the publisher hacked few days before releasing the latest book of Brian Krebs.

Israel and Ukraine keep on being two hot fronts for Hacktivism, whereas India is again the cradle of cyberwar, many events event in this months (despite limited to skirmishes involving defacements of governmental and military websites).

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Here we go with the first timeline of the main Cyber Attacks happened in October (according to my personal evaluation metric).

Two weeks very active from an information security perspective. The list of attacks is quite long and heterogeneous, with massive breaches (The Snappening and a list of nearly 7.000.000 compromised accounts used to brute-force Dropbox), a rich list of cyber crime and cyber espionage campaigns, a renewed burst of the cyber war between India and Pakistan, and a couple of operations orchestrated by hacktivists.

Digging into Cyber Crime, besides the two above quoted events, we find the Mac.BackDoor.iWorm, a widespread botnet targeting OS X, and trapping 17,000 devices. The list continues with a purported attack against Yahoo, initially believed to be orchestrated exploiting the infamous Shellshock vulnerability, the ATM malware Tyupkin, supposed to have been used for stealing millions of bucks from 50 ATMs in Eastern Europe and Russia, a breach against Kmart, and, last but not least, other two (and a half) waves of leaked photos from the Snappening.

Scrolling down the Cyber Espionage events, we cannot help but notice a similar abundance of operations with a widespread usage of 0-day vulnerabilities. Just to mention several names: Sandworm, Hurricane Panda, and even an old acquaintance like Nitro.

India and Pakistan were very busy in the Cyber Space, with defacements and leaks against a wide range of mutual targets like also the Anonymous, who kicked off #OPHK, against China and in support of Hong Kong protesters.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

This month will be probably remembered for the Home Depot breach. Yet another one caused by the same POS malware family that hit Target, with a similar dramatic extension: unfortunately the retailer believes that 56 million of credit cards could have been compromised in this case. After such a similar gigantic breach there is not so much to add as far as Cyber Crime is concerned, as it overshadowed all the rest.

In regards of Hacktivism, this has been a terrible month for Pakistan, which has attracted the unwelcome attentions of hacktivists protesting against the corruption of the government. As a consequence dozens of government sites have been bombarded with DDOS attacks, (with few cases of defacements and leaks).

Nothing particularly important to mention for Cyber Espionage. After the spree of the past months, maybe is time for a break.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Interesting Links

About This Blog

In this blog I express my personal opinion, which does not necessarily reflects the opinion of my organization, about events and news or interest, concerning information security, winking to mobile world and, why not, to some curious personal event.

Every information is reported with its source.

Anyone intending to use the information contained in my posts is free to do so, provided my blog is mentioned in your article.